I've become used to the script kiddies sending out large connection requests (I do have a threshold set). They are able to get around it by other connections. For example, I had 857 connects of this:

Aug 28 11:57:35 mail postfix/smtpd[20544]: connect from unknown[5.232.194.77]
Aug 28 11:57:35 mail postfix/smtpd[20544]: warning: Connection rate limit exceeded: 56 from unknown[5.232.194.77] for service smtp
Aug 28 11:57:35 mail postfix/smtpd[20544]: disconnect from unknown[5.232.194.77] ehlo=1 auth=0/1 unknown=0/2 commands=1/4

While it may be time for an external tool like fail2ban, I'm wondering if there are other measures I can take, that may break things (but I'm the only one that uses this system), such as changing port numbers of certain services.

I do block the IP spaces when I see this, which is a no-brainer. But I wonder how others are mitigating this activity. Pointers, advice welcomed (and thanks in advance).


_F
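
One way to tally the rate-limit warnings shown in the post per network before deciding what to block, as an added example that is not part of the original post. The /24 and /64 grouping, the `min_hits` threshold and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the warning smtpd logs when a client exceeds the connection rate limit.
RATE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: Connection rate limit exceeded: "
    r"(\d+) from \S*\[([0-9A-Fa-f:.]+)\] for service (\S+)"
)

def network_of(ip_text):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network (assumed grouping)."""
    ip = ipaddress.ip_address(ip_text)
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def rate_limit_offenders(lines, min_hits=2):
    """Return {network: warning count} for networks with at least min_hits warnings."""
    hits = Counter()
    for line in lines:
        m = RATE_RE.search(line)
        if not m:
            continue  # connect/disconnect and unrelated lines are ignored
        try:
            hits[network_of(m.group(2))] += 1
        except ValueError:
            continue  # bracketed text was not a valid address; skip the line
    return {str(net): n for net, n in hits.most_common() if n >= min_hits}

# Sample log: the first line is from the post; the rest are constructed
# and use documentation-only address ranges.
SAMPLE_LOG = """\
Aug 28 11:57:35 mail postfix/smtpd[20544]: warning: Connection rate limit exceeded: 56 from unknown[5.232.194.77] for service smtp
Aug 28 12:01:02 mail postfix/smtpd[20601]: connect from unknown[198.51.100.7]
Aug 28 12:01:02 mail postfix/smtpd[20601]: warning: Connection rate limit exceeded: 31 from unknown[198.51.100.7] for service smtp
Aug 28 12:01:03 mail postfix/smtpd[20602]: warning: Connection rate limit exceeded: 32 from unknown[198.51.100.7] for service smtp
Aug 28 12:01:09 mail postfix/smtpd[20610]: warning: Connection rate limit exceeded: 31 from unknown[198.51.100.200] for service smtp
Aug 28 12:03:40 mail postfix/smtpd[20644]: warning: Connection rate limit exceeded: 40 from unknown[192.0.2.10] for service smtp
Aug 28 12:05:11 mail postfix/smtpd[20650]: warning: Connection rate limit exceeded: 35 from unknown[2001:db8::1] for service smtp
Aug 28 12:05:12 mail postfix/smtpd[20651]: warning: Connection rate limit exceeded: 33 from unknown[2001:db8::2] for service smtp
"""

if __name__ == "__main__":
    for net, n in rate_limit_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{n:5d}  {net}")
```

Networks that appear only once stay below the threshold, which keeps a single noisy host from turning into a block on its whole range.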

